MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 db5d47d8fd8645176f1a4dffe1ffb763aed90d3c2afcfcdbbaaa7456accded7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 14


Intelligence 14 IOCs YARA 13 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: db5d47d8fd8645176f1a4dffe1ffb763aed90d3c2afcfcdbbaaa7456accded7d
SHA3-384 hash: 7ad9f9422cf1bda8ddb899f8d1d7909b4bbb0b6d60de62b3c202d8891ae271df5c22924d07d0b4bb611187cabfb4c58a
SHA1 hash: 1cc1ecb04c0e7573d27e352da2955dca0a486a64
MD5 hash: 01c34cf06ab2620c6634e761b8bd12a2
humanhash: december-august-quiet-seventeen
File name:morte.i686
Download: download sample
Signature Mirai
Create hunting rule
File size:120'084 bytes
First seen:2025-11-07 17:10:37 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:EEHo8cEOHZOtLVXqa7r8jUdJW/JLJKxSl5QyyVWs0+ZKU71oiIzcs/1/AW8:EqgDKqURX2JYxSgoZ+ZKUJoB8
TLSH T168C329C0B58BC1F9DA1B84305067B33FDB32D4A84070EA99EFD6AF75E663500A52E25D
telfhash t18831f6f5fee61cdd9be08507c64e5b51c90cfa7b382036bd0af6629536725029078c39
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf mirai upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 05d2d4be8bc03591f6461dcbf68cf8445fbb403fa4b4ea4f5435dc1dab5c9ab3
File size (compressed) :49'208 bytes
File size (de-compressed) :120'084 bytes
Format:linux/i386
Packed file: 05d2d4be8bc03591f6461dcbf68cf8445fbb403fa4b4ea4f5435dc1dab5c9ab3

Intelligence

File Origin
# of uploads :
1
# of downloads :
46
Origin country :
NL NL
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30435.LC.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Siggen.9999-14.UNOFFICIAL
Create hunting rule

Unix.Trojan.Mirai-7100807-0
Create hunting rule

Unix.Dropper.Mirai-7135897-0
Create hunting rule

Unix.Dropper.Mirai-7135901-0
Create hunting rule

Unix.Dropper.Mirai-7135909-0
Create hunting rule

Unix.Trojan.Mirai-7135916-0
Create hunting rule

Unix.Dropper.Mirai-7135918-0
Create hunting rule

Unix.Dropper.Mirai-7135954-0
Create hunting rule

Unix.Dropper.Mirai-7136016-0
Create hunting rule

Unix.Dropper.Mirai-7136028-0
Create hunting rule

Unix.Trojan.Mirai-8025795-0
Create hunting rule

Unix.Dropper.Mirai-10007027-0
Create hunting rule

Unix.Trojan.Mirai-10009361-0
Create hunting rule

Unix.Trojan.Mirai-10017298-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Runs as daemon
Opens a port
DNS request
Performs a bruteforce attack in the network
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
gafgyt masquerade mirai obfuscated
Link:
https://www.filescan.io/uploads/690e28358938e2fe22144931/reports/79095885-f813-4bfb-8f86-e1a1e48ff4f4/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
not packed
Botnet:
unknown
Number of open files:
47
Number of processes launched:
8
Processes remaning?
false
Remote TCP ports scanned:
81,5000,8080,22,37215,80,23,52869,9527,8081,8888
Full report:
https://elfdigest.com/brief/db5d47d8fd8645176f1a4dffe1ffb763aed90d3c2afcfcdbbaaa7456accded7d
Behaviour
Information Gathering
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-11-07T14:24:00Z UTC
Last seen:
2025-11-09T12:01:00Z UTC
Hits:
~10
Detections:
HEUR:Exploit.Linux.CVE-2018-10561.a HEUR:Backdoor.Linux.Mirai.r HEUR:Backdoor.Linux.Mirai.b HEUR:Backdoor.Linux.Gafgyt.bl HEUR:Backdoor.Linux.Gafgyt.bj
Link:
https://opentip.kaspersky.com/db5d47d8fd8645176f1a4dffe1ffb763aed90d3c2afcfcdbbaaa7456accded7d/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/15588b73-6af2-4d68-bef5-418fcbb137f7
Behavior Graph:
Download SVG
%3 guuid=c2582e86-1800-0000-e9b3-c58a9e0d0000 pid=3486 /usr/bin/sudo guuid=ed4c3688-1800-0000-e9b3-c58aa40d0000 pid=3492 /tmp/sample.bin net guuid=c2582e86-1800-0000-e9b3-c58a9e0d0000 pid=3486->guuid=ed4c3688-1800-0000-e9b3-c58aa40d0000 pid=3492 execve 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=ed4c3688-1800-0000-e9b3-c58aa40d0000 pid=3492->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=cd4e7788-1800-0000-e9b3-c58aa50d0000 pid=3493 /tmp/sample.bin guuid=ed4c3688-1800-0000-e9b3-c58aa40d0000 pid=3492->guuid=cd4e7788-1800-0000-e9b3-c58aa50d0000 pid=3493 clone guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148 /tmp/sample.bin net zombie guuid=ed4c3688-1800-0000-e9b3-c58aa40d0000 pid=3492->guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148 clone guuid=352eecb4-1900-0000-e9b3-c58a35100000 pid=4149 /tmp/sample.bin guuid=ed4c3688-1800-0000-e9b3-c58aa40d0000 pid=3492->guuid=352eecb4-1900-0000-e9b3-c58a35100000 pid=4149 clone guuid=65b9f7b4-1900-0000-e9b3-c58a36100000 pid=4150 /tmp/sample.bin net send-data zombie guuid=ed4c3688-1800-0000-e9b3-c58aa40d0000 pid=3492->guuid=65b9f7b4-1900-0000-e9b3-c58a36100000 pid=4150 clone guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494 /tmp/sample.bin net zombie guuid=cd4e7788-1800-0000-e9b3-c58aa50d0000 pid=3493->guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494 clone guuid=d6948b88-1800-0000-e9b3-c58aa70d0000 pid=3495 /tmp/sample.bin guuid=cd4e7788-1800-0000-e9b3-c58aa50d0000 pid=3493->guuid=d6948b88-1800-0000-e9b3-c58aa70d0000 pid=3495 clone guuid=fa6d9588-1800-0000-e9b3-c58aa80d0000 pid=3496 /tmp/sample.bin dns net send-data zombie guuid=cd4e7788-1800-0000-e9b3-c58aa50d0000 pid=3493->guuid=fa6d9588-1800-0000-e9b3-c58aa80d0000 pid=3496 clone guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con 4029ca3f-f3ab-5fb6-a75b-6e33fad6314f 209.190.60.239:9527 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->4029ca3f-f3ab-5fb6-a75b-6e33fad6314f con 3d3c61ce-2d41-5170-b6d5-54420b7f3c46 83.134.36.239:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->3d3c61ce-2d41-5170-b6d5-54420b7f3c46 con 4bae595f-bff6-5bfc-bab5-4453d65d91e6 191.96.157.18:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->4bae595f-bff6-5bfc-bab5-4453d65d91e6 con 294bf497-c42e-5e32-8778-d1058d8cf387 98.84.182.157:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->294bf497-c42e-5e32-8778-d1058d8cf387 con fbf547c5-ce9f-52f4-a375-50d982ee1964 155.234.132.144:80 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->fbf547c5-ce9f-52f4-a375-50d982ee1964 con 2bbea6e9-a2da-5fcf-960a-3bd03accfc06 131.32.110.179:9527 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->2bbea6e9-a2da-5fcf-960a-3bd03accfc06 con dbf4b762-7d59-5b7b-a19d-389f2d404634 158.244.150.66:37215 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->dbf4b762-7d59-5b7b-a19d-389f2d404634 con da1daa29-0190-556f-ae97-ffbabab3953a 222.28.140.194:22 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->da1daa29-0190-556f-ae97-ffbabab3953a con d2ae7aed-8541-5395-88e8-697bac1fbd19 110.172.160.47:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->d2ae7aed-8541-5395-88e8-697bac1fbd19 con 49d389fd-579e-5c96-ba94-36c826168a52 160.140.67.21:80 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->49d389fd-579e-5c96-ba94-36c826168a52 con 59c1b092-5558-5a8a-92d0-a5adbf60360d 75.223.31.81:5000 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->59c1b092-5558-5a8a-92d0-a5adbf60360d con 27b2b9db-ef11-5273-8d9b-846d18d7b641 118.111.240.122:5000 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->27b2b9db-ef11-5273-8d9b-846d18d7b641 con a3175b58-bcfe-5a5a-a24c-7efc6a5a00b1 157.137.145.174:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->a3175b58-bcfe-5a5a-a24c-7efc6a5a00b1 con 251cfb81-062b-5442-958e-2f9b2ed49f2f 179.200.124.88:81 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->251cfb81-062b-5442-958e-2f9b2ed49f2f con dfeccf39-d1d9-58c9-817f-0c591497196e 60.251.43.127:22 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->dfeccf39-d1d9-58c9-817f-0c591497196e con 9300ca1f-4a92-5104-9cca-af966e5983ea 103.190.126.235:81 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->9300ca1f-4a92-5104-9cca-af966e5983ea con 84d7ad9c-4545-535e-984b-d2c0c6abd36a 147.196.101.238:80 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->84d7ad9c-4545-535e-984b-d2c0c6abd36a con a83ff91f-532f-501e-aa2a-ac48091944aa 223.250.216.80:23 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->a83ff91f-532f-501e-aa2a-ac48091944aa con 008e0904-9b63-5932-92dc-b43cbb3f9dfc 39.61.13.57:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->008e0904-9b63-5932-92dc-b43cbb3f9dfc con 2f50c2b5-8ad1-5a32-987f-147d4361a7ac 126.255.9.191:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->2f50c2b5-8ad1-5a32-987f-147d4361a7ac con 2e6ee7d7-222b-51df-9c58-68c5e691fdcd 111.136.87.119:8888 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->2e6ee7d7-222b-51df-9c58-68c5e691fdcd con ab046530-d797-50e6-a3e5-2e04657c2035 32.59.223.40:81 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->ab046530-d797-50e6-a3e5-2e04657c2035 con 668d0ef8-25f5-5acd-a010-b9147183a876 125.179.178.223:22 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->668d0ef8-25f5-5acd-a010-b9147183a876 con 94bde389-4fdc-576d-a2d6-b2d9ce6dfe16 97.50.100.56:37215 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->94bde389-4fdc-576d-a2d6-b2d9ce6dfe16 con eb16f944-7245-55a9-b29b-c1856911f2a7 210.164.191.12:8888 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->eb16f944-7245-55a9-b29b-c1856911f2a7 con 9f65b0e6-5f27-589c-a89e-70ff7b78da16 157.52.1.100:37215 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->9f65b0e6-5f27-589c-a89e-70ff7b78da16 con cd134a2c-4aa5-5c8d-b1f5-904f6d6d93c3 188.13.114.90:80 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->cd134a2c-4aa5-5c8d-b1f5-904f6d6d93c3 con 36ff42f4-a884-5bc8-b232-e0655af1d7be 24.194.203.10:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->36ff42f4-a884-5bc8-b232-e0655af1d7be con ced8916e-b8e2-5409-bf0a-b8ee3f005eaf 203.108.21.35:9527 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->ced8916e-b8e2-5409-bf0a-b8ee3f005eaf con c2e89486-5d8d-52b8-ad91-f2fc020f68fc 121.64.224.183:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->c2e89486-5d8d-52b8-ad91-f2fc020f68fc con 8969d362-3889-5eba-80a2-eb3b6e770401 19.38.188.14:80 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->8969d362-3889-5eba-80a2-eb3b6e770401 con c7e064f8-7303-5f4b-990d-d0804f3b2e02 17.119.65.153:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->c7e064f8-7303-5f4b-990d-d0804f3b2e02 con 469aa90f-91e3-5644-8e75-35faa5e13aab 2.248.90.195:9527 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->469aa90f-91e3-5644-8e75-35faa5e13aab con 92b762bf-ef86-5fe9-8967-5e0f9e2c67ed 142.65.215.226:80 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->92b762bf-ef86-5fe9-8967-5e0f9e2c67ed con c0b4fe18-7a81-51b2-858e-3137b9ae0174 152.95.171.146:22 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->c0b4fe18-7a81-51b2-858e-3137b9ae0174 con 664450f7-0cc3-5f22-8ee6-e10f85337a53 223.239.42.247:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->664450f7-0cc3-5f22-8ee6-e10f85337a53 con 25678154-9fd0-59a4-87b6-6f0e01dd4507 147.185.83.77:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->25678154-9fd0-59a4-87b6-6f0e01dd4507 con e4d126fe-de36-5a35-a0d1-54cc115f0343 209.119.208.216:52869 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->e4d126fe-de36-5a35-a0d1-54cc115f0343 con a27c6ffb-d161-56f8-b27b-eb6e074a2bcf 82.118.117.158:23 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->a27c6ffb-d161-56f8-b27b-eb6e074a2bcf con ab803512-3bce-539a-bb17-6c5e1d7ad7fa 134.195.229.156:9527 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->ab803512-3bce-539a-bb17-6c5e1d7ad7fa con 6d333f2b-1532-5bbd-8c45-67425bf5f4ab 70.101.123.116:8081 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->6d333f2b-1532-5bbd-8c45-67425bf5f4ab con b39d6a16-0cb3-5de0-af48-26952564a5cc 132.219.220.178:5000 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->b39d6a16-0cb3-5de0-af48-26952564a5cc con 72596d11-55b3-5514-a6ad-fd7335424381 139.85.145.205:5000 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->72596d11-55b3-5514-a6ad-fd7335424381 con e9544d42-1483-588f-98a1-a4a87d198eb0 102.26.189.220:80 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->e9544d42-1483-588f-98a1-a4a87d198eb0 con 65e21e92-6b36-55eb-bb24-2947c859708d 211.93.94.131:8888 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->65e21e92-6b36-55eb-bb24-2947c859708d con 225643e3-3863-52f2-8e0a-777690fb6768 190.184.170.112:9527 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->225643e3-3863-52f2-8e0a-777690fb6768 con c5703eae-9b87-5137-8822-21a7522d543e 105.166.6.230:37215 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->c5703eae-9b87-5137-8822-21a7522d543e con 87083761-6244-5eb3-b15e-624018cb054a 112.108.190.169:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->87083761-6244-5eb3-b15e-624018cb054a con 0edaf4ac-00e5-577a-8418-12f6b80121f0 47.36.178.236:52869 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->0edaf4ac-00e5-577a-8418-12f6b80121f0 con 57169344-cc24-518b-a7c4-6d73758c6411 9.211.251.84:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->57169344-cc24-518b-a7c4-6d73758c6411 con 65e092c4-5d41-586e-acb7-b58c25458866 83.160.107.127:9527 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->65e092c4-5d41-586e-acb7-b58c25458866 con dd8205ae-bcb8-5083-ae3d-a83b5d409f11 63.124.247.254:8888 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->dd8205ae-bcb8-5083-ae3d-a83b5d409f11 con 1528a08a-36c5-52df-a8bb-6516e4af6387 79.96.197.218:37215 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->1528a08a-36c5-52df-a8bb-6516e4af6387 con d6aa3e95-6f19-51c0-95e2-a8485349f7a1 117.36.20.245:81 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->d6aa3e95-6f19-51c0-95e2-a8485349f7a1 con e1a1c078-99ed-5ec7-93db-ec14139f86ee 50.115.27.98:37215 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->e1a1c078-99ed-5ec7-93db-ec14139f86ee con 38a66c0e-cf74-5a32-afe5-ba01bfc60cd0 192.51.148.248:8080 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->38a66c0e-cf74-5a32-afe5-ba01bfc60cd0 con 06f30a1b-a061-55c5-8450-f101e757d2fe 23.187.178.82:37215 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->06f30a1b-a061-55c5-8450-f101e757d2fe con fb64ba4d-3b22-5ede-9780-912b4ee68232 82.247.250.190:8081 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->fb64ba4d-3b22-5ede-9780-912b4ee68232 con f2d6d844-2229-572e-bced-5e59918b415a 101.86.73.185:23 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->f2d6d844-2229-572e-bced-5e59918b415a con 097a538d-28ce-50fb-bf29-5254878286e3 173.38.190.21:22 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->097a538d-28ce-50fb-bf29-5254878286e3 con a8c59925-73c7-5a48-a412-38ec3cc4da46 59.225.254.52:81 guuid=de608288-1800-0000-e9b3-c58aa60d0000 pid=3494->a8c59925-73c7-5a48-a412-38ec3cc4da46 con guuid=fa6d9588-1800-0000-e9b3-c58aa80d0000 pid=3496->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 216B 62d17e6a-4c11-5f38-bf9d-8aec77b84b23 mortex.duckdns.org:12121 guuid=fa6d9588-1800-0000-e9b3-c58aa80d0000 pid=3496->62d17e6a-4c11-5f38-bf9d-8aec77b84b23 con guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con b3325231-0b03-510e-8098-582856f52611 185.221.125.237:81 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->b3325231-0b03-510e-8098-582856f52611 con 1cd5cc86-b7a1-51d7-9415-157574d9396a 219.100.101.237:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->1cd5cc86-b7a1-51d7-9415-157574d9396a con 09270ef1-663d-592c-8d30-9ba65d2b3cb9 105.196.116.116:22 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->09270ef1-663d-592c-8d30-9ba65d2b3cb9 con 70098e05-1aa7-5813-9c0c-16d00d3de811 218.51.200.45:9527 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->70098e05-1aa7-5813-9c0c-16d00d3de811 con a9a2955c-e240-557d-afaf-07aea5b05111 218.154.43.196:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->a9a2955c-e240-557d-afaf-07aea5b05111 con 8c3b218b-ec6d-5d49-9742-cb3b8f79d3e5 107.252.207.187:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->8c3b218b-ec6d-5d49-9742-cb3b8f79d3e5 con c2be29f1-d513-59f3-82e7-8851954d8936 182.165.27.179:5000 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->c2be29f1-d513-59f3-82e7-8851954d8936 con ea40bf36-7d97-5516-a1bc-5ebea9ed259a 68.121.230.10:8081 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->ea40bf36-7d97-5516-a1bc-5ebea9ed259a con 8efb87e0-a123-534a-8069-56df29166f61 146.218.161.191:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->8efb87e0-a123-534a-8069-56df29166f61 con 1242f856-09f3-5931-8efd-d59992d58f83 67.76.65.63:80 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->1242f856-09f3-5931-8efd-d59992d58f83 con c04b39c2-dc77-51b6-9ad5-6e5d03167cab 217.2.122.144:23 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->c04b39c2-dc77-51b6-9ad5-6e5d03167cab con af118092-1bd3-562e-b1bd-f516aa763ded 36.96.83.2:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->af118092-1bd3-562e-b1bd-f516aa763ded con f594b1a1-2d12-506f-aec5-48d957c8e188 156.34.216.146:5000 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->f594b1a1-2d12-506f-aec5-48d957c8e188 con 8072f54f-6aac-5fec-b196-b6b3917d1c88 79.39.179.98:52869 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->8072f54f-6aac-5fec-b196-b6b3917d1c88 con c9739b50-6d63-5b20-810d-e0f745df26ad 45.35.90.221:23 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->c9739b50-6d63-5b20-810d-e0f745df26ad con 7ea32dca-26a9-57c1-8b21-bc15c8b8f4b5 48.14.74.11:8888 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->7ea32dca-26a9-57c1-8b21-bc15c8b8f4b5 con 6a006760-6d4d-592a-b60d-8c31343a32c9 53.234.108.97:37215 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->6a006760-6d4d-592a-b60d-8c31343a32c9 con 8c860a70-241f-55b6-8964-700fa3d1c57e 90.78.20.72:8888 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->8c860a70-241f-55b6-8964-700fa3d1c57e con 6998bfaf-7601-5dcf-b35e-ce08a7fe30f1 202.63.47.206:52869 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->6998bfaf-7601-5dcf-b35e-ce08a7fe30f1 con c8892fbb-f4c8-5269-ad6b-08663585de23 101.81.124.19:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->c8892fbb-f4c8-5269-ad6b-08663585de23 con a1096829-7ca4-5be0-906e-98d3edefe307 177.220.150.89:80 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->a1096829-7ca4-5be0-906e-98d3edefe307 con e66038f6-e251-5a1d-909f-08830b3f1bf9 139.108.203.185:81 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->e66038f6-e251-5a1d-909f-08830b3f1bf9 con d1ebdb96-3e79-5a97-a1e7-efe608f40bce 130.95.64.5:22 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->d1ebdb96-3e79-5a97-a1e7-efe608f40bce con e3fcec5a-fbcb-500f-8ed0-26ba6fca332c 153.78.140.113:9527 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->e3fcec5a-fbcb-500f-8ed0-26ba6fca332c con 9c30047a-fba8-59eb-8115-e1e151a43326 108.241.110.154:22 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->9c30047a-fba8-59eb-8115-e1e151a43326 con f6645ca9-9005-5768-b874-5f1b1a9ebc3f 182.80.227.20:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->f6645ca9-9005-5768-b874-5f1b1a9ebc3f con 47fec5ff-8b9f-50b6-b156-bdf1603c60dd 52.182.131.204:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->47fec5ff-8b9f-50b6-b156-bdf1603c60dd con 49a8f767-361e-56f3-bfc8-d10c568a9db8 131.44.215.132:80 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->49a8f767-361e-56f3-bfc8-d10c568a9db8 con e4be4002-2946-5643-9732-1d469ca58131 167.189.247.42:8888 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->e4be4002-2946-5643-9732-1d469ca58131 con d6b2f7d5-7a9a-52e5-9962-0511f555dad0 219.252.109.96:22 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->d6b2f7d5-7a9a-52e5-9962-0511f555dad0 con 847f20fc-4206-5a7b-ba54-6ef3bd6f3474 79.245.156.168:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->847f20fc-4206-5a7b-ba54-6ef3bd6f3474 con 33474af8-5255-5c18-b6b0-fea746734c52 84.199.59.225:5000 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->33474af8-5255-5c18-b6b0-fea746734c52 con bba9cff4-099e-55f7-8d32-2b4d08bb9328 149.2.139.26:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->bba9cff4-099e-55f7-8d32-2b4d08bb9328 con 50e51a38-b286-5acd-8d96-0d9193e5248a 74.41.20.233:22 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->50e51a38-b286-5acd-8d96-0d9193e5248a con 038e87d8-fdfb-5b29-9cfc-88718e221cd2 156.104.39.213:37215 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->038e87d8-fdfb-5b29-9cfc-88718e221cd2 con 28610966-310f-5307-824c-e3422b93eeb7 85.174.6.162:22 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->28610966-310f-5307-824c-e3422b93eeb7 con 6a8e9ebf-0aff-525a-917e-10fe4bcfc250 27.179.198.164:8888 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->6a8e9ebf-0aff-525a-917e-10fe4bcfc250 con ca915048-3977-5e94-9bc0-47f2baa44a14 191.87.171.36:5000 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->ca915048-3977-5e94-9bc0-47f2baa44a14 con b95a8811-7544-5d9b-b6e7-7d5f6c0f4018 218.27.147.87:8081 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->b95a8811-7544-5d9b-b6e7-7d5f6c0f4018 con 5885f389-e791-5d6d-a2c6-8b6095262552 145.212.250.202:80 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->5885f389-e791-5d6d-a2c6-8b6095262552 con e60a4061-8155-5e81-b1b9-ced0dbee032d 85.177.193.14:80 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->e60a4061-8155-5e81-b1b9-ced0dbee032d con 2b52b098-f7be-555d-8f95-b7e2574b7f87 65.127.205.230:22 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->2b52b098-f7be-555d-8f95-b7e2574b7f87 con 94b940fa-2ae2-5817-8951-bb6d79e61319 50.65.101.61:8081 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->94b940fa-2ae2-5817-8951-bb6d79e61319 con ab27874c-c758-5a50-ac81-f48231a7b179 112.2.199.49:52869 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->ab27874c-c758-5a50-ac81-f48231a7b179 con 9dfc91da-8a26-5e0e-bb3a-3bb0aa6e8e00 63.241.98.112:9527 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->9dfc91da-8a26-5e0e-bb3a-3bb0aa6e8e00 con f4c66065-ca72-5377-a712-c869ef96305e 201.99.58.47:5000 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->f4c66065-ca72-5377-a712-c869ef96305e con 4c1d3698-395d-5541-a7b7-7992ac9456f4 206.52.3.229:22 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->4c1d3698-395d-5541-a7b7-7992ac9456f4 con 97549881-bcc5-5edf-89ab-c6c93928b9cb 44.89.172.6:8081 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->97549881-bcc5-5edf-89ab-c6c93928b9cb con 8e95bbd5-d985-5ce8-a153-bdf77b6aa515 9.147.179.6:8080 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->8e95bbd5-d985-5ce8-a153-bdf77b6aa515 con ab7dea07-9aa9-56b6-8720-a6d677138bf0 217.181.210.58:22 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->ab7dea07-9aa9-56b6-8720-a6d677138bf0 con 082b44da-4d3e-5ac1-a3f7-deef87c452c5 109.73.78.9:81 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->082b44da-4d3e-5ac1-a3f7-deef87c452c5 con 5d6bdbe0-799c-52c3-a666-6d5ff9b3f3eb 173.193.159.103:80 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->5d6bdbe0-799c-52c3-a666-6d5ff9b3f3eb con ef9c5cca-ae8c-592a-a448-b6ee83262a21 83.226.46.114:23 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->ef9c5cca-ae8c-592a-a448-b6ee83262a21 con 45eea670-ab7d-589d-a35b-f74faed84c0b 75.145.15.69:81 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->45eea670-ab7d-589d-a35b-f74faed84c0b con 710c33b8-1c2d-5775-9cb0-6947cb48acbd 196.192.208.207:5000 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->710c33b8-1c2d-5775-9cb0-6947cb48acbd con 2c9606ca-2818-52ae-b360-644fb54c24dd 110.208.31.15:80 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->2c9606ca-2818-52ae-b360-644fb54c24dd con cd53e777-9083-58c8-b66d-878352a43fb8 87.205.74.234:52869 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->cd53e777-9083-58c8-b66d-878352a43fb8 con 4776e666-1bbc-53ce-8225-b0d6eff360bb 92.121.156.252:8888 guuid=634fdeb4-1900-0000-e9b3-c58a34100000 pid=4148->4776e666-1bbc-53ce-8225-b0d6eff360bb con guuid=65b9f7b4-1900-0000-e9b3-c58a36100000 pid=4150->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 send: 540B b2255150-2060-5b7f-9786-12d5e647a020 84.201.5.31:12121 guuid=65b9f7b4-1900-0000-e9b3-c58a36100000 pid=4150->b2255150-2060-5b7f-9786-12d5e647a020 con
Gathering data
Result
Threat name:
Mirai
Create hunting rule
Detection:
malicious
Classification:
troj
Score:
72 / 100
Link:
https://www.joesandbox.com/analysis/1810090
Signature
Antivirus / Scanner detection for submitted sample
Connects to many ports of the same IP (likely port scanning)
Malicious sample detected (through community Yara rule)
Uses dynamic DNS services
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1810090 Sample: morte.i686.elf Startdate: 07/11/2025 Architecture: LINUX Score: 72 30 mortex.duckdns.org 2->30 32 166.102.60.234, 52869 WINDSTREAMUS United States 2->32 34 100 other IPs or domains 2->34 36 Malicious sample detected (through community Yara rule) 2->36 38 Antivirus / Scanner detection for submitted sample 2->38 40 Yara detected Mirai 2->40 42 Connects to many ports of the same IP (likely port scanning) 2->42 8 dash rm morte.i686.elf 2->8         started        10 dash rm 2->10         started        12 dash cat 2->12         started        14 8 other processes 2->14 signatures3 44 Uses dynamic DNS services 30->44 process4 process5 16 morte.i686.elf 8->16         started        18 morte.i686.elf 8->18         started        20 morte.i686.elf 8->20         started        22 morte.i686.elf 8->22         started        process6 24 morte.i686.elf 16->24         started        26 morte.i686.elf 16->26         started        28 morte.i686.elf 16->28         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/db5d47d8fd8645176f1a4dffe1ffb763aed90d3c2afcfcdbbaaa7456accded7d
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/db5d47d8fd8645176f1a4dffe1ffb763aed90d3c2afcfcdbbaaa7456accded7d/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/db5d47d8fd8645176f1a4dffe1ffb763aed90d3c2afcfcdbbaaa7456accded7d
Threat name:
Linux.Backdoor.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-11-07 17:11:17 UTC
File Type:
ELF32 Little (Exe)
AV detection:
22 of 38 (57.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3noupwh5qzcro3y2jx76d75xmoxnsdj4fl6pzw52vj2fnlgn5v6q._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai defense_evasion discovery linux
Link:
https://tria.ge/reports/251107-vqdymatlem/
Behaviour
Reads runtime system information
Enumerates running processes
Writes file to system bin folder
Modifies Watchdog functionality
Verdict:
Malicious
Tags:
trojan mirai Unix.Trojan.Mirai-7100807-0
YARA:
Linux_Trojan_Mirai_268aac0b Linux_Trojan_Mirai_0cb1699c Linux_Trojan_Mirai_70ef58f1 Linux_Trojan_Mirai_485c4b13 Linux_Trojan_Mirai_7d05725e Linux_Trojan_Mirai_2e3f67a9 Linux_Trojan_Mirai_0d73971c Linux_Trojan_Mirai_88de437f Linux_Trojan_Mirai_3278f1b8 Linux_Trojan_Mirai_cc93863b
Link:
https://app.threat.zone/submission/ed9d2c95-eb5e-4356-b521-155808ddf94a
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/db5d47d8fd8645176f1a4dffe1ffb763aed90d3c2afcfcdbbaaa7456accded7d

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ELF_Mirai
Create hunting rule
Author:NDA0E
Description:Detects multiple Mirai variants
Rule name:Linux_Generic_Threat_1ac392ca
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_0cb1699c
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_0d73971c
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_268aac0b
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_2e3f67a9
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_3278f1b8
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_485c4b13
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_70ef58f1
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_7d05725e
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_88de437f
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_cc93863b
Create hunting rule
Author:Elastic Security
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 05d2d4be8bc03591f6461dcbf68cf8445fbb403fa4b4ea4f5435dc1dab5c9ab3

Mirai

elf db5d47d8fd8645176f1a4dffe1ffb763aed90d3c2afcfcdbbaaa7456accded7d

(this sample)

  
Dropped by
SHA256 05d2d4be8bc03591f6461dcbf68cf8445fbb403fa4b4ea4f5435dc1dab5c9ab3
  
Dropped by
MD5 7f890af1fb4c65b247b8e80ee3058b85
  
URLhaus
https://urlhaus.abuse.ch/url/3694994/
  
Delivery method
Distributed via web download

Comments